GitHub-Bitwarden
/
server
mirror of https://github.com/bitwarden/server.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Fix skip sso for apikey login (#1308) 

* Improve mixing SSO login error

* Skip SSO requirement for API key logins

* Bypass MFA for apikey logins
pull/1314/head
Matt Gibson 5 years ago committed by GitHub
parent
70ab5b25a1
commit
354ff6e2cb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 17 additions and 4 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 13
      src/Core/IdentityServer/BaseRequestValidator.cs
  2. 8
      src/Core/IdentityServer/CustomTokenRequestValidator.cs

13
src/Core/IdentityServer/BaseRequestValidator.cs
Unescape View File

@ -87,7 +87,7 @@ namespace Bit.Core.IdentityServer @@ -87,7 +87,7 @@ namespace Bit.Core.IdentityServer
return;
}
var twoFactorRequirement = await RequiresTwoFactorAsync(user);
var twoFactorRequirement = await RequiresTwoFactorAsync(user, request.GrantType);
if (twoFactorRequirement.Item1)
{
// Just defaulting it
@ -260,8 +260,14 @@ namespace Bit.Core.IdentityServer @@ -260,8 +260,14 @@ namespace Bit.Core.IdentityServer
protected abstract void SetErrorResult(T context, Dictionary<string, object> customResponse);
private async Task<Tuple<bool, Organization>> RequiresTwoFactorAsync(User user)
private async Task<Tuple<bool, Organization>> RequiresTwoFactorAsync(User user, string grantType)
{
if (grantType == "client_credentials")
{
// Do not require MFA for api key logins
return new Tuple<bool, Organization>(false, null);
}
var individualRequired = _userManager.SupportsUserTwoFactor &&
await _userManager.GetTwoFactorEnabledAsync(user) &&
(await _userManager.GetValidTwoFactorProvidersAsync(user)).Count > 0;
@ -286,9 +292,10 @@ namespace Bit.Core.IdentityServer @@ -286,9 +292,10 @@ namespace Bit.Core.IdentityServer
private async Task<bool> IsValidAuthTypeAsync(User user, string grantType)
{
if (grantType == "authorization_code")
if (grantType == "authorization_code" || grantType == "client_credentials")
{
// Already using SSO to authorize, finish successfully
// Or login via api key, skip SSO requirement
return true;
}

8
src/Core/IdentityServer/CustomTokenRequestValidator.cs
Unescape View File

@ -87,7 +87,13 @@ namespace Bit.Core.IdentityServer @@ -87,7 +87,13 @@ namespace Bit.Core.IdentityServer
}
protected override void SetSsoResult(CustomTokenRequestValidationContext context,
Dictionary<string, object> customResponse) => throw new System.NotImplementedException();
Dictionary<string, object> customResponse)
{
context.Result.Error = "invalid_grant";
context.Result.ErrorDescription = "Single Sign on required.";
context.Result.IsError = true;
context.Result.CustomResponse = customResponse;
}
protected override void SetErrorResult(CustomTokenRequestValidationContext context,
Dictionary<string, object> customResponse)

Write Preview
Loading…
Cancel
Save